Bagle Variant Exacts a 'Price' with Infected Zip Files

Advertisement (Why?)

Another variant of the ubiquitous Bagle worm is now making its way across the Internet, flooding in-boxes with infected Zip files. The newest member of the Bagle family, named Bagle.AQ, arrives via an e-mail message with a spoofed sending address and no subject line. The only text in the message body is typically one or two words, either "price" or "new price."

The name of the infected Zip file that accompanies the message is some variation on that theme as well. The files often are named Price.zip or New_price.zip, and may have a number appended to the end of the file name. Bagle.AQ first appeared Monday and began circulating in earnest in the early afternoon Eastern time. Some users reported getting as many as 100 infected messages in an hour. Virus researchers said they first began seeing Bagle.AQ at about 8 a.m. Monday and have been seeing thousands of copies an hour.

News source: eWeek

"The PSP is a portable game machine, and people may think it's oriented towards playing simple games, but it really has the same hardware performance as the PS2," comments Yamauchi in the interview. "Since we're already developing the GT4's system on the PS2 hardware, we're planning to port that directly to the PSP."

Yamauchi broadened the discussion to PSP games in general. "There's basically two ways of making games for the PSP. One way is to develop an original new game, which in general will be limited in its content since the price of PSP games aren't going to be too high, meaning the game's development budget will also be limited. We're going to be taking the second method, which is to take a system from a major title, and effectively sliding it onto the PSP hardware," he said.

Yamauchi also said that Gran Turismo 4 for the PS2 is currently still around 75 percent complete and that he plans to release it by the end of the year. Given that fact, though, it is unlikely whether the PSP version will be finished in time for the PSP launch in Japan this fall and in the US in early 2005.

(1 reply) #1 Azadre on 09 Aug 2004 - 23:44

wow, I got that today
Avant caught it

#1.1 Hurmoth on 10 Aug 2004 - 00:19

We got hit at work ... more then a 100 systems got infected and one got it 40 times

#2 Funaho on 10 Aug 2004 - 00:06

i got that on my network mail server today. my first virus, although i didn't open the file, i just deleted it. Symantec was updated shortly there after.

(1 reply) #3 Lurchybaby on 10 Aug 2004 - 00:39

Yep, we got hit at work as well. Only the latest version of Symantec Corporate NAV and SMSE didn't detect it (and they have the latest signatures on it).

#3.1 sparkyewu on 10 Aug 2004 - 16:02

Cor. Nav didnt detect it at all at business either. Kinda a bummer, since in the corporation is where viruses can really hurt. I used a personal version of mcafee and it detected it right away.

#4 [moribundi] on 10 Aug 2004 - 00:59

We got hit at work today as well.

#5 DjTeriyake on 10 Aug 2004 - 01:32

Got it in my University email today. That address used to be immune and unknown to ANY form of spam or virus. Oh well I guess the word's out now: rape my inboxen!!

#6 berlamont on 10 Aug 2004 - 02:46

first virus at my home address i have to say; just opened it in notepad for kicks (norton hadn't caught it at first) kinda interesting

(1 reply) #7 thenewbrgnewman on 10 Aug 2004 - 03:03

what does the virus even do?

#7.1 Yuxi on 10 Aug 2004 - 13:28

send emails to everyone on your contact list.

(3 replies) #8 Xenomorph on 10 Aug 2004 - 03:10

what the hell is an infected ZIP file? since when can a zip be infected? its not executable.

#8.1 Colonel_Angus on 10 Aug 2004 - 03:30

method 1: store executable in zip file, rely on user ingorance to extract + execute.

method 2: take advantage of a buffer overflow in the program used to open the zip file; execute arbitrary code. pwned.

Does your antivirus look inside zip files? Does your antivirus have any buffer overflows in the code it uses to look inside zip files? Are you sure?

#8.2 diamonds on 10 Aug 2004 - 03:39

yeah I opened the zip, and then opened price.exe in a hex editor, still playing with it
:p

#8.3 Octol on 10 Aug 2004 - 13:40

Waaaa....I'm jealous. My ISP now filters all incoming email for malware and won't let me have any to play with!

(1 reply) #9 MitchShrader on 10 Aug 2004 - 04:09

(yawn).. been done. slow week for the virus coders, huh? must be getting ready to go back to middle school.

#9.1 Hurmoth on 10 Aug 2004 - 12:25

Probably!

#10 squirrelist on 10 Aug 2004 - 13:22

Our company managed to remain untouched by the virus. Maybe it's becuase I'm very anal about installing patches. Lots of people have received it, but even though the virus scanner hasn't updated lists, no one caught it. Even our head secretary who received the email "from" our CEO. So she thought it was legit at first. I still don't know where that email originated from. But another one of our more computer savvy employees reported it to me when they received something fishy. The sneaky thing about this one is it sticks the exe in a subfolder, so you might not see it right away.

#11 Yuxi on 10 Aug 2004 - 13:29

NAV2003 on my comp didn't catch it, but I didn't open it because I'm used to junk mail flooding my inbox.

#12 Fally on 10 Aug 2004 - 14:56

Who uses email anymore? :p

#13 sparkyewu on 10 Aug 2004 - 16:06

Alot of people

#14 digitalslacker on 10 Aug 2004 - 23:37

yeah we got hit at work pretty hard, we had to filter the file names out until the nav's could be updated from mcafee, no infections though, users were actaully smart enough to not open the attachment, imagine that!

Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!

Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.

Neowin.net